Consumers worried about NSA intrusions have little recourse

Consumers worried about the National Security Agency's ability to read even encrypted electronic data have few options, according to cybersecurity and privacy experts.

And some experts said the NSA's reported actions to crack the sophisticated technology that masks data traveling over the Internet may have made that information more vulnerable, possibly exposing Web users to criminal hackers.

"People understandably are frustrated because they are powerless," said Susan Grant, director of consumer protection for the Consumer Federation of America. "Even if you're the kind of consumer who is concerned enough and have the time to bother to explore how to encrypt your communications so that they're confidential, the government is obviously intent on getting around any attempt to keep your information private."

The New York Times, Britain's Guardian newspaper and the nonprofit news website ProPublica reported Thursday that the NSA has bypassed or cracked much of the digital encryption used by businesses and everyday Web users. Since 2000, according to the reports, the NSA has worked with the British government and spent billions of dollars to break encryption technology and insert "back door" access into software before data could be encrypted and transmitted over the Internet.

The revelation about the NSA's abilities to peer into people's private information has created an even bigger opportunity for foreign governments and criminals to scoop up information on untold numbers of Americans, said Trevor Timm, digital rights analyst at the San Francisco-based Electronic Frontier Foundation.

Advertisement

"Even if you trust the NSA 100 percent, they're weakening the cybersecurity system so that it's more vulnerable," he said. "When you place back doors into services or software, that back door is there for everyone. It'll make it easier for criminals to find and for foreign governments to find."

Or as Jeff Hudson, CEO of encryption key provider Venafi put it, "The foundation of this world that we built is starting to crumble. When people say, 'I didn't think the government could do this to me,' I look at it and say, 'Guess what? That's not the worst thing.' This has become a template for criminals who are going to use it to destroy the most important thing on the Internet, which is trust."

A survey released by the Pew Research Center this month, before the latest NSA program was revealed, showed that Americans are increasingly concerned about protecting their online information.

About 86 percent of adult Internet users have taken steps at some point to avoid surveillance by other people or organizations, the study found. Still, 21 percent of them had an email or social media account hijacked and 11 percent had critical information stolen, including Social Security, bank account and credit card numbers.

"We really don't know for sure what all is going on and that is incredibly anxiety-producing to people," said Dorothy Glancy, a Santa Clara University law professor who teaches about privacy and was part of the Senate staff that worked on the Watergate hearings in the 1970s. "Personally, I want to be smart about privacy and proactive about privacy. But there's really very little we can do until we know exactly what the threats are, and the chances of finding that out are zero."

Grant said the NSA program has a "chilling effect on our ability to speak freely and to associate with other people, all of these democratic values that we hold dear. When you hear the lengths that the government is doing to get around technologies that people are deliberately using to be private, it makes you careful about what you say and what you do. We shouldn't have to worry about that."

Several people such as Grant who are concerned about the NSA revelation said worried Americans have little recourse other than to contact their representatives in Washington and demand an end to the NSA program.

"Companies that are providing secure communications are in a quandary," she said. "They can't really guarantee that their communications are private." On Friday, the Washington Post revealed that Google (GOOG) is taking steps to better encrypt its data.

Dave Anderson, senior director at Cupertino-based Voltage Security, which sells encryption technology, said consumers worried about the security of their banking or medical information should ask their institutions about how they encrypt information and keep it secure.

"Has their code been reviewed?" Anderson asked. "Is their keying generated in a random versus a non-random way? The general consumer may not understand the strength of the algorithms at play, or how the key management systems work or the underlying crypto-speak, but they can ask their banker or insurance company if they're implementing sound, secure, auditable processes."

Even if consumers accepted -- or understood -- the answers, Anderson acknowledged that local banks and hospitals probably would not know if the NSA also had access to their information.

Rockies relief pitcher John Axford, who hasn't pitched for the team since last Wednesday, was forced to leave spring training camp after his 2-year-old son was bit by a rattlesnake twice in his right foot.

One-day event to run slide down University HillIt's not quite the alternative mode of transportation that Boulder's used to, but, for one day this summer, residents will be able to traverse several city blocks atop inflatable tubes.

DETROIT (AP) — In a story March 27 about a 'Little Syria' exhibit going to Ellis Island, The Associated Press, due to incorrect information from the Arab American National Museum, erroneously reported the date the exhibit will open. Full Story